From nobody Mon Dec 20 11:11:37 2021 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 00D5018FC247 for ; Mon, 20 Dec 2021 11:11:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JHcNT5cJwz4ZJn for ; Mon, 20 Dec 2021 11:11:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A201F14C7D for ; Mon, 20 Dec 2021 11:11:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 1BKBBbAH023506 for ; Mon, 20 Dec 2021 11:11:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 1BKBBbYl023505 for net@FreeBSD.org; Mon, 20 Dec 2021 11:11:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 260393] Page Fault tcp_output/tcp_input Date: Mon, 20 Dec 2021 11:11:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ddobrev85@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1639998697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IbBECmPg85mB8gL4Y9Xq4+Q+ko5dd7pfzDsW6YAwvPc=; b=JsprijuQ5Zr3VcaJviv2MkPG3IVb+ljZQV5lRa2y5zhIxOMGQNYUOE0d+Xci/uUmxc9Pov 83FWymMEk/Wkd75xNzJ1ZFfmyRoKRnMmjbq2VI+Vi0RwveA4N4NrzLLwcHg32v0SFi5ubw 1UAzQUSwF5kVksSbqCXWdLQ5USIY9Gw0C6gv1Mvb7mhFTamap0kb19Sg5Xa9oLD9ELLNct fwaOgWFE5Eur545XCr8iiCtRS34xr3yHo20kI5Im3iU3uFragLMgMPwJOl8aqrEqg2Q1XB n+8orB53BlEc9THriDMJwCJCLBjPAUoBmCqBrBnuzh2X39Xr73fr3dzEdMvBSw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639998697; a=rsa-sha256; cv=none; b=OS2bwQt33/o8B/XR4QTJcz+jHnQPyezcHBm0vIvvjAC4Li2w/OaExIpjyKzaKiBeul9+Fu qCNR8Um4nb6NtUz0qvdnHpfVP5TWSflP6zLWKMqBzk+cdHZ9Ob3H/15T3wY5vqCJtcqJtX cy540vUI2VlTAK5SjlW/KeT7y9i0yNwmJSI1jRQ5UFX4SFWt0mVU6ueaP0AxzQJKKqX8sX NzsCYgf7qiKJmu8jxq4cbHF6Bbqo6SVHkk5zWeG39NSg0LKXZvQtfY/udzK2wF5mWsgFme hnRfm9UVKEx4evdXRWXomqNIwRoKhASpJwxsuuGrltinP8Rz7k2rGDdd9fSuPw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260393 --- Comment #10 from Dobri Dobrev --- (In reply to Michael Tuexen from comment #9) (kgdb) frame 8 #8 m_copydata (m=3D0x0, m@entry=3D0xfffff8010ee80d00, off=3D0, len=3D1, cp= =3D) at /usr/src/sys/kern/uipc_mbuf.c:657 657 count =3D min(m->m_len - off, len); (kgdb) list 652 off -=3D m->m_len; 653 m =3D m->m_next; 654 } 655 while (len > 0) { 656 KASSERT(m !=3D NULL, ("m_copydata, length > size of= mbuf chain")); 657 count =3D min(m->m_len - off, len); 658 if ((m->m_flags & M_EXTPG) !=3D 0) 659 m_copyfromunmapped(m, off, count, cp); 660 else 661 bcopy(mtod(m, caddr_t) + off, cp, count); (kgdb) print *(struct mbuf *)0xfffff8010ee80d00 $1 =3D {{m_next =3D 0x0, m_slist =3D {sle_next =3D 0x0}, m_stailq =3D {stqe= _next =3D 0x0}}, {m_nextpkt =3D 0x0, m_slistpkt =3D {sle_next =3D 0x0}, m_stailqpkt =3D {stq= e_next =3D 0x0}},=20 m_data =3D 0xfffff8015b91e528 "&i\365\267\254\350s\352,\025\216*\265\216\004\024\201j\256\245?\225<\020)W= \214%\212\371\221$\205s\277LE<\326\340\032\267\377\366\214\217\235\215^)1x\= 377\342\032\234=C6=82\217]\211\375\333h\361\212\320nE\024\370\330\325S8\272= \001y\023\304;\016:\017\032kT5\323\300\f\245MJd\n\025W\352c\321\062)Pl{/\26= 3\320>6\231\362x\305\311\031=C3=B6\vy\356&=C3=89\265\343;_\273`\272\005\205= \315m(\353=EC=81=9E\001\223\254\371\037]UN\357\202%\201\364\033\r\232G$-N\2= 51\262#\264\204\375\t\321\036\203\241\254\274\314=D8=B2\252j=C5=B9c.k\217\2= 24#\235\206\241U\262\a\215I\035&\253j3"..., m_len =3D 24, m_type =3D 1, m_flags =3D 1, {{{m_pkthdr =3D {{snd_tag =3D 0x= 0,=20 rcvif =3D 0x0}, tags =3D {slh_first =3D 0x0}, len =3D 1337, flo= wid =3D 0, csum_flags =3D 0, fibnum =3D 0, numa_domain =3D 255 '\377', rsstype =3D 0 '= \000', {rcv_tstmp =3D 0, {l2hlen =3D 0 '\000', l3hlen =3D 0 '\000',=20 l4hlen =3D 0 '\000', l5hlen =3D 0 '\000', inner_l2hlen =3D 0 = '\000', inner_l3hlen =3D 0 '\000', inner_l4hlen =3D 0 '\000', inner_l5hlen =3D 0 '\= 000'}}, PH_per =3D {eight =3D "\000\000\000\000\377\377\000", sixteen =3D { 0, 0, 65535, 0}, thirtytwo =3D {0, 65535}, sixtyfour =3D {281470681743360}, unintptr =3D {281470681743360}, ptr =3D 0xffff00000000},= PH_loc =3D {eight =3D "\000\000\000\000\000\000\000", sixteen =3D {0, 0, 0, 0},=20 thirtytwo =3D {0, 0}, sixtyfour =3D {0}, unintptr =3D {0}, ptr = =3D 0x0}}, {m_epg_npgs =3D 0 '\000', m_epg_nrdy =3D 0 '\000', m_epg_hdrlen =3D 0 '\000= ', m_epg_trllen =3D 0 '\000', m_epg_1st_off =3D 0, m_epg_last_len =3D 0,=20 m_epg_flags =3D 0 '\000', m_epg_record_type =3D 0 '\000', __spare= =3D "\000", m_epg_enc_cnt =3D 0, m_epg_tls =3D 0x539, m_epg_so =3D 0xff00000000= 0000, m_epg_seqno =3D 0, m_epg_stailq =3D {stqe_next =3D 0xffff00000000}}}, { m_ext =3D {{ext_count =3D 1, ext_cnt =3D 0x1}, ext_size =3D 2048, e= xt_type =3D 6, ext_flags =3D 1, {{ext_buf =3D 0xfffff8015b91e000 "\023\367\265R\030\254\212\342\220\255\331'\206\217\245f\223o\aH\205\277\22= 2",=20 ext_arg2 =3D 0x0}, {extpg_pa =3D {18446735283447783424, 0, 0,= 0, 0}, extpg_trail =3D '\000' , extpg_hdr =3D '\000' }}, ext_free =3D 0x0, ext_arg1 =3D 0x0},=20 m_pktdat =3D 0xfffff8010ee80d58 "\001"}}, m_dat =3D 0xfffff8010ee80= d20 ""}} (kgdb) frame 10 #10 0xffffffff80dcd382 in tcp_do_segment (m=3D, th=3D, so=3D, tp=3D0xfffffe0251638870, drop_hdrlen=3D40, tlen=3D, iptos=3D0 '\000') at /usr/src/sys/netinet/tcp_input.c:2822 2822 tcp_sack_partialack= (tp, th); (kgdb) print *tp $2 =3D {t_inpcb =3D 0xfffff80a54294000, t_fb =3D 0xffffffff8193b000 , t_fb_ptr =3D 0x0, t_maxseg =3D 1360, t_logstate =3D 0, t= _port =3D 0, t_state =3D 8, t_idle_reduce =3D 0, t_delayed_ack =3D 0, t_fin_is_rst =3D 0= ,=20 t_log_state_set =3D 0, bits_spare =3D 0, t_flags =3D 554697333, snd_una = =3D 3223852179, snd_max =3D 3223852205, snd_nxt =3D 3223852204, snd_up =3D 3223= 850831, snd_wnd =3D 65292, snd_cwnd =3D 1359, t_peakrate_thr =3D 0,=20 ts_offset =3D 0, rfbuf_ts =3D 313886170, rcv_numsacks =3D 0, t_tsomax =3D= 65535, t_tsomaxsegcount =3D 37, t_tsomaxsegsize =3D 4096, rcv_nxt =3D 2467824635, = rcv_adv =3D 2467891323, rcv_wnd =3D 66688, t_flags2 =3D 1024, t_srtt =3D 3309,=20 t_rttvar =3D 287, ts_recent =3D 0, snd_scale =3D 2 '\002', rcv_scale =3D = 6 '\006', snd_limited =3D 0 '\000', request_r_scale =3D 6 '\006', last_ack_sent =3D 2= 467824635, t_rcvtime =3D 2461112999, rcv_up =3D 2467824635,=20 t_segqlen =3D 0, t_segqmbuflen =3D 0, t_segq =3D {tqh_first =3D 0x0, tqh_= last =3D 0xfffffe0251638900}, t_in_pkt =3D 0x0, t_tail_pkt =3D 0x0, t_timers =3D 0xfffffe0251638b18, t_vnet =3D 0xfffff801014c0580, snd_ssthresh =3D 2720,=20 snd_wl1 =3D 2467824635, snd_wl2 =3D 3223852179, irs =3D 2467822589, iss = =3D 3223768989, t_acktime =3D 0, t_sndtime =3D 2460931776, ts_recent_age =3D 0, snd_recover =3D 3223852205, cl4_spare =3D 0, t_oobflags =3D 0 '\000',=20 t_iobc =3D 0 '\000', t_rxtcur =3D 64000, t_rxtshift =3D 11, t_rtttime =3D= 0, t_rtseq =3D 3223852203, t_starttime =3D 2460765463, t_fbyte_in =3D 2460765472, t_fb= yte_out =3D 2460765472, t_pmtud_saved_maxseg =3D 0,=20 t_blackhole_enter =3D 0, t_blackhole_exit =3D 0, t_rttmin =3D 30, t_rttbe= st =3D 3596, t_softerror =3D 0, max_sndwnd =3D 66640, snd_cwnd_prev =3D 8160, snd_ssthre= sh_prev =3D 2720, snd_recover_prev =3D 3223823643, t_sndzerowin =3D 0,=20 t_rttupdated =3D 9, snd_numholes =3D 1, t_badrxtwin =3D 2460781714, snd_h= oles =3D {tqh_first =3D 0xfffff806d12b8780, tqh_last =3D 0xfffff806d12b8790}, snd_fa= ck =3D 3223852203, sackblks =3D {{start =3D 2467824634,=20 end =3D 2467824635}, {start =3D 0, end =3D 0}, {start =3D 0, end =3D = 0}, {start =3D 0, end =3D 0}, {start =3D 0, end =3D 0}, {start =3D 0, end =3D 0}}, sackhin= t =3D {nexthole =3D 0xfffff806d12b8780, sack_bytes_rexmit =3D 0,=20 last_sack_ack =3D 3223852203, delivered_data =3D 12, sacked_bytes =3D 0, recover_fs =3D 1373, prr_delivered =3D 2722, prr_out =3D 4105}, t_rttlow = =3D 84, rfbuf_cnt =3D 0, tod =3D 0x0, t_sndrexmitpack =3D 59, t_rcvoopack =3D 0,=20 t_toe =3D 0x0, cc_algo =3D 0xffffffff81937eb0 , ccv =3D 0xfffffe0251638c60, osd =3D 0xfffffe0251638c88, t_bytes_acked =3D 0, t_maxu= nacktime =3D 0, t_keepinit =3D 0, t_keepidle =3D 0, t_keepintvl =3D 0,=20 t_keepcnt =3D 0, t_dupacks =3D 0, t_lognum =3D 0, t_loglimit =3D 5000, t_= pacing_rate =3D -1, t_logs =3D {stqh_first =3D 0x0, stqh_last =3D 0xfffffe0251638a88}, = t_lin =3D 0x0, t_lib =3D 0x0, t_output_caller =3D 0x0, t_stats =3D 0x0,=20 t_logsn =3D 0, gput_ts =3D 0, gput_seq =3D 0, gput_ack =3D 0, t_stats_gpu= t_prev =3D 0, t_maxpeakrate =3D 0, t_sndtlppack =3D 0, t_sndtlpbyte =3D 0, t_sndbytes =3D= 91397, t_snd_rxt_bytes =3D 61193, t_tfo_client_cookie_len =3D 0 '\000',=20 t_end_info_status =3D 0, t_tfo_pending =3D 0x0, t_tfo_cookie =3D {client = =3D '\000' , server =3D 0}, {t_end_info_bytes =3D "\000\000\000\000\000\000\000", t_end_info =3D 0}} (kgdb) frame 12 #12 0xffffffff80dca9eb in tcp_input (mp=3D0xfffff8010ee80d00, offp=3D0x0, p= roto=3D1) at /usr/src/sys/netinet/tcp_input.c:1496 1496 return(tcp_input_with_port(mp, offp, proto, 0)); (kgdb) print **mp Cannot access memory at address 0x0 (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=